[gnome-settings-daemon/gnome-3-22] media-keys: Avoid using free'd memory

[Rui Matos <rtcm src gnome org>]

commit 4b77c267184d2ac94cb011dac2a38d9be4d6cfae
Author: Rui Matos <tiagomatos gmail com>
Date:   Mon Feb 13 21:31:22 2017 +0100

    media-keys: Avoid using free'd memory
    
    If a MetaKey instance is removed from the array and free'd after we
    call grab_media_key() but before the dbus reply comes in, we end up
    writing over free'd memory (&key->accel_id).
    
    https://bugzilla.gnome.org/show_bug.cgi?id=758302

 plugins/media-keys/gsd-media-keys-manager.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
---
diff --git a/plugins/media-keys/gsd-media-keys-manager.c b/plugins/media-keys/gsd-media-keys-manager.c
index b3adcaf..e5cf607 100644
--- a/plugins/media-keys/gsd-media-keys-manager.c
+++ b/plugins/media-keys/gsd-media-keys-manager.c
@@ -481,6 +481,7 @@ grab_accelerator_complete (GObject      *object,
                 g_error_free (error);
         }
 
+        media_key_unref (key);
         g_slice_free (GrabData, data);
 }
 
@@ -497,7 +498,7 @@ grab_media_key (MediaKey            *key,
 
        data = g_slice_new0 (GrabData);
        data->manager = manager;
-       data->key = key;
+       data->key = media_key_ref (key);
 
        shell_key_grabber_call_grab_accelerator (manager->priv->key_grabber,
                                                 tmp, key->modes,